<?php
    session_start();
    require_once('userlevel.php'); //Require/include the permissions file
    require_once('template.php'); //Require/include the template file
    require_once('functions.php'); //Require/include the functions file
    require_once('db.php'); //Require/include the file with the database connection information
     
    if (!$_SESSION['user_loggedin']) {
        die ("Not logged in... <script>document.location.href='login.php'</script>");
    } elseif (!($_SESSION['userlevel'] >= $userlevel['renamefile'])) {
        die (errorpage ("Your user level is not high enough to use this feature!", 'Update Filename'));
    } else {
        //Connect to DB and connect to the database using db.php
        $db = new my_db;
        $id = strip_tags(mysql_escape_string($_GET['id']));
        template_headtag('Update a file location');
        template_header();
        template_left();
        echo "<div class='pageheadertext'>Update a file location</div><br/>";
        $db->query("SELECT * FROM trackedfiles WHERE id='$id'");
        $db->next_record();
        if ($db->nf() > 0) {
            $filename = strip_tags($db->f('filename'));
            $filepath = strip_tags($db->f('filepath'));
             
            if (isset($_POST['newname'])) {
                $newpath = mysql_escape_string($_POST['newpath']);
                $newname = mysql_escape_string($_POST['newname']);
                 
                if (empty($newpath)) {
                    errorbox("Please enter a file path");
                     
                } elseif (empty($newname)) {
                    errorbox("Please enter a file name");
                } elseif (!file_exists("$newpath$newname")) {
                    errorbox("No file found at new address");
                } else {
                     
                    $db->query("SELECT * FROM trackedfiles WHERE filename = '$newname' AND filepath = '$newpath'");
                    if ($db->nf() == 1) {
                        errorbox("Error new file name is already being tracked!");
                    } else {
                        $db->query("UPDATE trackedfiles SET filename='$newname', filepath='$newpath' WHERE filename='$oldname' AND filepath='$oldpath' ");
                        $db->query("UPDATE history SET filename='$newname', filepath='$newpath' WHERE filename='$oldname' AND filepath='$oldpath' ");
                         
                        $lastrevdate = date("Y-d-m h:i:s");
                        $lastuser = $_SESSION['username'];
                        $revsummary = "File moved from $oldname to $newname";
                        $db->query("INSERT INTO history (filename, filepath, revhash, revdate, user, revsummary) VALUES('$newname','$newpath','00000000000000000000000000000000','$lastrevdate', '$lastuser','$revsummary') ");
                        echo "File location updated <br/>";
                        echo "<a href='listfiles.php?dir=$filepath'>Back</a></div>";
                        echo $SiteData[Endtag];
                         
                    }
                }
            } else {
                 
                 
                echo "
                    <form method='post' action='updatename.php?id=$id'>
                    New Path: <input type='text' name='newpath' value='$filepath'/><br /><br />
                    New Name: <input type='text' name='newname' value='$filename'/>
                    <br/><br />
                    <input type='submit' value='Update'/>
                    </form>
                     
                    ";
                echo "<br/><a href='javascript: history.go(-1)'>Back</a>";
                 
                 
            }
        } else {
            errorbox('File not found!');
        }
        template_footer();
    }
?>
